What to Consider for Securing Retirement Accounts

Hackers want your money, and that includes your retirement nest egg. The bottom line is this: If you have a 401(k) account, be careful about who you allow to access it.

If you’re a 401(k) plan provider, or even an employer who offers your workers such a plan, be sure to warn participants about the potential for hacking. You should consult regulations – like the Employee Retirement Income Security Act of 1974 – related to your financial responsibility related to account protection, loss, and replacement. Then you can be sure to communicate the right messages to account holders (and their employers) on how to safeguard 401(k) savings.

For example, 401(k) providers should be alerted that fraudsters are a real threat to these accounts. Studies indicate that foreign hackers are trying to gain access to the $5.3 trillion in U.S. 401(k) assets today.

That said, it makes sense to warn retirement plan holders to avoid granting access to their accounts via email, phone, or text – even when communications appear to be from their employer or the plan administrator. Phishing is a common way frausters masquerade as legitimate organizations to get unsuspecting people to reveal personal information like account numbers and passwords.

Plan administrators and sponsors may also want to suggest that 401(k) account holders use strong passwords, change those passwords often, employ two-factor authentication, and avoid doing financial transactions on unsecured public connections. Voice authentication is another great option for providing a high level of security to 401(k) accounts.

Plan administrators and sponsors may want to configure the plans they offer and the systems they use to support them to only allow 401(k) account changes or withdrawals to occur when a certain set of steps are performed and information provided. Again, voice authentication provides a unique security mechanism that makes hacking very difficult.

When accounts are hacked, people and organizations suffer. If sponsors or third-party administrators are found at fault, they may be responsible for replacing that loss.